The incident centers on the wallet generation process, a critical point of failure that potentially grants attackers access to private keys or mnemonic phrases. SecondFi, an EMURGO-backed self-custody app, paused platform activities on Tuesday to conduct an on-chain review. While the team initially pegged the impact at approximately 16 million ADA, external scrutiny from SlowMist founder Cos suggests the scope is significantly broader. By tracking specific transaction patterns, Cos identified wallets that likely hold over $20 million in stolen assets, pointing to a sophisticated exfiltration process where funds were moved in batches over several hours.
This security failure arrives at a precarious moment for the Cardano ecosystem, which has seen its native token, ADA, struggle near $0.15 amid broader market volatility. Because the flaw involves the core generation software rather than a standard smart contract error, users who created wallets through the affected service face heightened risk. SecondFi has promised an independent technical review, though the project has yet to outline a formal compensation plan for affected users. Security experts urge the community to remain vigilant against phishing attempts, as recovery scams frequently emerge following high-profile wallet breaches.
Comments (0)
No comments yet. Be the first!